
Example 56 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class DNBase2Attribute method doFilter.

/**
 * Adds the configured attribute value to the session user's attributes when the user's DN
 * ends with the configured base DN, then hands the request to the rest of the chain.
 *
 * <p>The check runs once per session: after the first pass the session attribute {@code key}
 * is set and later requests go straight to the next filter, so the decision is not
 * re-evaluated until a new session is created.
 *
 * @param request  the current request; its session is expected to hold the {@code AuthController}
 * @param response the current response, passed through untouched
 * @param chain    the remaining filter chain
 * @throws Exception anything raised while reading the session or by the rest of the chain
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    HttpSession httpSession = request.getSession();
    boolean firstPass = httpSession.getAttribute(key) == null;
    if (firstPass) {
        // No null check here: a session without an AuthController fails with a
        // NullPointerException instead of skipping the filter.
        AuthController authCtl = (AuthController) httpSession.getAttribute(ProxyConstants.AUTH_CTL);
        AuthInfo userData = authCtl.getAuthInfo();

        // NOTE(review): this is a textual suffix comparison on the lower-cased DN, not a
        // comparison of parsed RDNs, so it does not itself enforce that the match starts on
        // an RDN boundary, and toLowerCase() uses the JVM default locale. Presumably this.dn
        // is stored lower-cased by initFilter (not visible here); confirm both before relying
        // on this attribute for authorization decisions.
        String loweredUserDn = userData.getUserDN().toLowerCase();
        boolean underBase = loweredUserDn.endsWith(this.dn);

        if (!underBase) {
            logger.debug("User is NOT member");
        } else {
            logger.debug("User is member");
            // Reuse the attribute if the user already has one, otherwise create and register it.
            Attribute target = userData.getAttribs().get(this.attributeName);
            if (target == null) {
                target = new Attribute(this.attributeName);
                userData.getAttribs().put(this.attributeName, target);
            }
            target.getValues().add(this.attributeValue);
        }

        // Mark the session as processed, whether or not the user matched.
        httpSession.setAttribute(key, key);
    }
    chain.nextFilter(request, response, chain);
}
Also used : AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) Attribute(com.tremolosecurity.saml.Attribute) HttpSession(javax.servlet.http.HttpSession) AuthController(com.tremolosecurity.proxy.auth.AuthController)

Example 57 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class Group2Attribute method doFilter.

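/**
 * Adds the configured attribute value to the session user's attributes when a directory
 * search finds the user's DN in the configured group, then continues the filter chain.
 *
 * <p>The lookup runs once per session: the session attribute {@code key} is set after the
 * first pass, so group membership changes are not picked up until a new session exists.
 *
 * @param request  the current request; its session is expected to hold the {@code AuthController}
 * @param response the current response, passed through untouched
 * @param chain    the remaining filter chain
 * @throws Exception on directory search failure, a missing {@code AuthController}, or
 *                   anything raised by the rest of the chain
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    HttpSession session = request.getSession();
    if (session.getAttribute(key) == null) {
        // No null check: a session without an AuthController fails here with a NullPointerException.
        AuthInfo authInfo = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();

        // The user's DN becomes the value of an equality filter on the group member attribute.
        // NOTE(review): equal(...) is presumably a filter builder that escapes the value;
        // confirm, because a DN may contain characters that are special in LDAP filters.
        // Scope 0 is presumably a base-object search on groupDN; verify against the LDAP API in use.
        LDAPSearchResults res = cfgMgr.getMyVD().search(groupDN, 0, equal(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), authInfo.getUserDN()).toString(), attribs);

        boolean isMember = res.hasMore();
        if (isMember) {
            // Consume the matching entry; only its existence matters.
            res.next();
            logger.debug("User is member");
        } else {
            logger.debug("User is NOT member");
        }

        if (isMember) {
            // Reuse the attribute if the user already has one, otherwise create and register it.
            Attribute attr = authInfo.getAttribs().get(this.attributeName);
            if (attr == null) {
                attr = new Attribute(this.attributeName);
                authInfo.getAttribs().put(this.attributeName, attr);
            }
            attr.getValues().add(this.attributeValue);
        }

        // Mark the session as processed, whether or not the user is a member.
        session.setAttribute(key, key);
    }
    chain.nextFilter(request, response, chain);
}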
Also used : AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) Attribute(com.tremolosecurity.saml.Attribute) HttpSession(javax.servlet.http.HttpSession) AuthController(com.tremolosecurity.proxy.auth.AuthController)

Example 58 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class UnisonConfigManagerImpl method loadAuthMechs.

/* (non-Javadoc)
	 * @see com.tremolosecurity.config.util.ConfigManager#loadAuthMechs()
	 */
/* (non-Javadoc)
	 * @see com.tremolosecurity.config.util.UnisonConfigManager#loadAuthMechs()
	 */
/**
 * Rebuilds the authentication mechanism registry from the loaded configuration.
 *
 * <p>In order, this method: resets {@code this.mechs} and initializes every configured
 * mechanism; picks the anonymous chain and mechanism from the level-0 chain, or creates
 * defaults; registers the built-in always-fail mechanism under {@code ctxPath + "/fail"};
 * finds or creates the chain that uses it; and, when dynamic auth mechs are enabled,
 * instantiates the configured loader class and lets it add further mechanisms.
 *
 * @throws ServletException if a configured mechanism cannot be initialized or the dynamic
 *                          loader cannot be instantiated or fails to load
 */
@Override
public void loadAuthMechs() throws ServletException {
    try {
        this.mechs = new HashMap<String, AuthMechanism>();
        // UnisonConfigManagerImpl tremoloCfg = (UnisonConfigManagerImpl) ctx.getAttribute(ConfigFilter.TREMOLO_CONFIG);
        if (getCfg().getAuthMechs() != null) {
            // Local iterator named "mechs" shadows the field this.mechs inside this block.
            Iterator<MechanismType> mechs = getCfg().getAuthMechs().getMechanism().iterator();
            while (mechs.hasNext()) {
                MechanismType mt = mechs.next();
                initializeAuthenticationMechanism(mt);
            }
        }
    } catch (Exception e) {
        throw new ServletException("Could not initialize Auth Mechanism Filter", e);
    }
    // A chain at level 0 is treated as the anonymous chain; its first mechanism is looked up
    // by name and cast to AnonAuth.
    // NOTE(review): this loop is outside the try block above, so a level-0 chain with no
    // mechanisms, an unknown mechanism name, or a first mechanism that is not an AnonAuth
    // surfaces as an unchecked exception rather than a ServletException. If several chains
    // are at level 0, the last one visited wins.
    for (String key : this.authChains.keySet()) {
        AuthChainType act = this.authChains.get(key);
        if (act.getLevel() == 0) {
            this.anonAct = act;
            String mechName = act.getAuthMech().get(0).getName();
            this.anonAuthMech = (AnonAuth) this.getAuthMech(this.authMechs.get(mechName).getUri());
        }
    }
    // No anonymous mechanism configured: synthesize a level-0 chain named "anon" with a
    // default AnonAuth instance.
    if (this.anonAuthMech == null) {
        this.anonAct = new AuthChainType();
        this.anonAct.setFinishOnRequiredSucess(true);
        this.anonAct.setLevel(0);
        this.anonAct.setName("anon");
        this.anonAuthMech = new AnonAuth();
    }
    // Register the built-in always-fail mechanism once, both in the runtime map and in the
    // in-memory configuration, so chains can refer to it by the name "fail".
    if (this.alwaysFailAuth == null) {
        this.alwaysFailAuth = new AlwaysFail();
        String failAuthUri = this.ctxPath + "/fail";
        this.mechs.put(failAuthUri, alwaysFailAuth);
        MechanismType fmt = new MechanismType();
        fmt.setClassName("com.tremolosecurity.proxy.auth.AlwaysFail");
        fmt.setInit(new ConfigType());
        fmt.setParams(new ParamListType());
        fmt.setName("fail");
        fmt.setUri(failAuthUri);
        if (this.cfg.getAuthMechs() == null) {
            this.cfg.setAuthMechs(new AuthMechTypes());
        }
        this.cfg.getAuthMechs().getMechanism().add(fmt);
        this.alwaysFailAuthMech = fmt;
    }
    // Look for a configured chain that references the always-fail mechanism. The break only
    // leaves the inner loop, so a later chain that also references it replaces an earlier one.
    for (String key : this.authChains.keySet()) {
        AuthChainType act = this.authChains.get(key);
        for (AuthMechType amt : act.getAuthMech()) {
            if (amt.getName().equals(this.alwaysFailAuthMech.getName())) {
                this.authFailChain = act;
                break;
            }
        }
    }
    // No configured chain uses it: build a chain named "alwaysfail" whose only, required
    // mechanism is the always-fail mechanism.
    if (this.authFailChain == null) {
        this.authFailChain = new AuthChainType();
        this.authFailChain.setLevel(0);
        this.authFailChain.setName("alwaysfail");
        AuthMechType amt = new AuthMechType();
        amt.setName(this.alwaysFailAuthMech.getName());
        amt.setRequired("required");
        amt.setParams(new AuthMechParamType());
        this.authFailChain.getAuthMech().add(amt);
    }
    try {
        if (this.getCfg().getAuthMechs() != null && this.getCfg().getAuthMechs().getDynamicAuthMechs() != null && this.getCfg().getAuthMechs().getDynamicAuthMechs().isEnabled()) {
            DynamicPortalUrlsType dynamicAuthMechs = this.getCfg().getAuthMechs().getDynamicAuthMechs();
            String className = dynamicAuthMechs.getClassName();
            // Collect the loader's parameters as multi-valued attributes keyed by parameter name.
            HashMap<String, Attribute> cfgAttrs = new HashMap<String, Attribute>();
            for (ParamType pt : dynamicAuthMechs.getParams()) {
                Attribute attr = cfgAttrs.get(pt.getName());
                if (attr == null) {
                    attr = new Attribute(pt.getName());
                    cfgAttrs.put(pt.getName(), attr);
                }
                attr.getValues().add(pt.getValue());
            }
            // NOTE(review): the class name is taken as-is from the configuration and its no-arg
            // constructor runs before the cast, so write access to that configuration amounts to
            // choosing code that runs in this process; treat the configuration as privileged.
            // A class that is not a DynamicAuthMechs raises ClassCastException, which the catch
            // below does not cover. Class.newInstance() is deprecated since Java 9.
            DynamicAuthMechs dynCustomAuMechs = (DynamicAuthMechs) Class.forName(className).newInstance();
            dynCustomAuMechs.loadDynamicAuthMechs(this, this.getProvisioningEngine(), cfgAttrs);
        }
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException | ProvisioningException e) {
        throw new ServletException("Could not initialize authentication mechanisms", e);
    }
}
Also used : AuthMechParamType(com.tremolosecurity.config.xml.AuthMechParamType) AnonAuth(com.tremolosecurity.proxy.auth.AnonAuth) Attribute(com.tremolosecurity.saml.Attribute) HashMap(java.util.HashMap) ServletException(javax.servlet.ServletException) DynamicAuthMechs(com.tremolosecurity.proxy.dynamicloaders.DynamicAuthMechs) AuthMechanism(com.tremolosecurity.proxy.auth.AuthMechanism) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) MechanismType(com.tremolosecurity.config.xml.MechanismType) AuthChainType(com.tremolosecurity.config.xml.AuthChainType) ConfigType(com.tremolosecurity.config.xml.ConfigType) ParamListType(com.tremolosecurity.config.xml.ParamListType) AuthMechTypes(com.tremolosecurity.config.xml.AuthMechTypes) AuthMechType(com.tremolosecurity.config.xml.AuthMechType) KeyStoreException(java.security.KeyStoreException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KeyManagementException(java.security.KeyManagementException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) LDAPException(com.novell.ldap.LDAPException) AzException(com.tremolosecurity.proxy.az.AzException) IOException(java.io.IOException) ServletException(javax.servlet.ServletException) JAXBException(javax.xml.bind.JAXBException) FileNotFoundException(java.io.FileNotFoundException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) CertificateException(java.security.cert.CertificateException) AuthMechParamType(com.tremolosecurity.config.xml.AuthMechParamType) ParamType(com.tremolosecurity.config.xml.ParamType) AlwaysFail(com.tremolosecurity.proxy.auth.AlwaysFail) DynamicPortalUrlsType(com.tremolosecurity.config.xml.DynamicPortalUrlsType)

Example 59 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class Groups2Attribute method doFilter.

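/**
 * Collects the {@code cn} of every group under the configured base that lists the session
 * user's DN as a member and adds those names to a user attribute, then continues the chain.
 *
 * <p>When a pattern is configured, only group names that match it in full are added, and the
 * value added is the configured capture group rather than the whole name. The lookup runs
 * once per session: the session attribute {@code key} is set after the first pass, so
 * membership changes are not picked up until a new session exists.
 *
 * @param request  the current request; its session is expected to hold the {@code AuthController}
 * @param response the current response, passed through untouched
 * @param chain    the remaining filter chain
 * @throws Exception on directory search failure, a missing {@code AuthController}, or
 *                   anything raised by the rest of the chain
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    HttpSession session = request.getSession();
    if (session.getAttribute(key) == null) {
        // No null check: a session without an AuthController fails here with a NullPointerException.
        AuthInfo authInfo = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();

        Attribute members = authInfo.getAttribs().get(this.attrName);
        if (members == null) {
            // Create the attribute with its name, as the sibling filters do; the no-arg
            // constructor left the attribute unnamed even though it is stored under attrName.
            members = new Attribute(this.attrName);
            authInfo.getAttribs().put(this.attrName, members);
        }

        ArrayList<String> attrs = new ArrayList<String>();
        attrs.add("cn");

        // The user's DN becomes the value of an equality filter on the group member attribute.
        // NOTE(review): equal(...) is presumably a filter builder that escapes the value;
        // confirm, because a DN may contain characters that are special in LDAP filters.
        // Scope 2 is presumably a subtree search below base; verify against the LDAP API in use.
        LDAPSearchResults res = this.cfg.getMyVD().search(this.base, 2, equal(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), authInfo.getUserDN()).toString(), attrs);
        while (res.hasMore()) {
            LDAPEntry entry = res.next();
            // NOTE(review): an entry returned without a cn attribute fails here with a
            // NullPointerException; confirm every group under base carries cn.
            String cn = entry.getAttribute("cn").getStringValue();
            if (p == null) {
                members.getValues().add(cn);
                continue;
            }
            Matcher m = p.matcher(cn);
            if (m.matches()) {
                // groupNum comes from configuration; it must name a capture group of the pattern.
                members.getValues().add(m.group(groupNum));
            }
        }

        // Mark the session as processed so the search is not repeated on later requests.
        session.setAttribute(key, key);
    }
    chain.nextFilter(request, response, chain);
}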
Also used : AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) LDAPEntry(com.novell.ldap.LDAPEntry) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) Attribute(com.tremolosecurity.saml.Attribute) Matcher(java.util.regex.Matcher) HttpSession(javax.servlet.http.HttpSession) ArrayList(java.util.ArrayList) AuthController(com.tremolosecurity.proxy.auth.AuthController)

Example 60 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class Groups2Attribute method initFilter.

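/**
 * Reads this filter's settings from its configuration.
 *
 * <p>Settings read: {@code base} (required, search base for groups), {@code pattern}
 * (optional regular expression; absent or empty disables matching), {@code attrName}
 * (required, the user attribute to populate) and {@code groupNum} (optional capture group
 * index). The per-session marker key is derived from {@code attrName}.
 *
 * <p>When both a pattern and {@code groupNum} are configured, the index is checked against
 * the pattern's capture groups here, so a mismatch is reported at start-up instead of as an
 * {@code IndexOutOfBoundsException} from {@code Matcher.group} on the first matching request.
 *
 * @param config the filter configuration to read from
 * @throws Exception if {@code base} or {@code attrName} is missing, if {@code groupNum} is
 *                   not an integer or does not name a capture group of the configured
 *                   pattern, or if the pattern does not compile
 */
@Override
public void initFilter(HttpFilterConfig config) throws Exception {
    this.cfg = config.getConfigManager();

    Attribute baseAttr = config.getAttribute("base");
    if (baseAttr == null) {
        throw new Exception("No base specified");
    }
    this.base = baseAttr.getValues().get(0);

    // An absent or empty pattern means group names are copied unfiltered.
    Attribute patternAttr = config.getAttribute("pattern");
    if (patternAttr != null && !patternAttr.getValues().get(0).isEmpty()) {
        this.p = Pattern.compile(patternAttr.getValues().get(0));
    } else {
        this.p = null;
    }

    Attribute nameAttr = config.getAttribute("attrName");
    if (nameAttr == null) {
        throw new Exception("No attribute name specified");
    }
    this.attrName = nameAttr.getValues().get(0);

    Attribute groupAttr = config.getAttribute("groupNum");
    if (groupAttr != null) {
        int requested = Integer.parseInt(groupAttr.getValues().get(0));
        if (this.p != null) {
            // groupCount() excludes group 0 (the whole match), so 0..groupCount() are valid.
            int available = this.p.matcher("").groupCount();
            if (requested < 0 || requested > available) {
                throw new Exception("groupNum " + requested + " is not a capture group of the configured pattern (valid: 0-" + available + ")");
            }
        }
        this.groupNum = requested;
    }

    // Session attribute name used to mark that this filter already ran for the session.
    this.key = "GS2ATTR_" + this.attrName + "_RUN";
}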
Also used : Attribute(com.tremolosecurity.saml.Attribute)
